Date: Thu, 16 Mar 2017 23:00:08 +0000 (UTC) From: Matthias Andree <mandree@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r436311 - head/security/vuxml Message-ID: <201703162300.v2GN08wF088258@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mandree Date: Thu Mar 16 23:00:08 2017 New Revision: 436311 URL: https://svnweb.freebsd.org/changeset/ports/436311 Log: Document PuTTY < 0.68 agent forwarding vuln. Security: CVE-2017-6542 Security: 9b973e97-0a99-11e7-ace7-080027ef73ec Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Mar 16 22:59:19 2017 (r436310) +++ head/security/vuxml/vuln.xml Thu Mar 16 23:00:08 2017 (r436311) @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="9b973e97-0a99-11e7-ace7-080027ef73ec"> + <topic>PuTTY -- integer overflow permits memory overwrite by forwarded ssh-agent connections</topic> + <affects> + <package> + <name>putty</name> + <range><lt>0.68</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Simon G. Tatham reports:</p> + <blockquote cite="http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html">; + <p>Many versions of PuTTY prior to 0.68 have a heap-corrupting integer + overflow bug in the ssh_agent_channel_data function which processes + messages sent by remote SSH clients to a forwarded agent connection. [...]</p> + <p>This bug is only exploitable at all if you have enabled SSH + agent forwarding, which is turned off by default. Moreover, an + attacker able to exploit this bug would have to have already be able + to connect to the Unix-domain socket representing the forwarded + agent connection. Since any attacker with that capability would + necessarily already be able to generate signatures with your agent's + stored private keys, you should in normal circumstances be defended + against this vulnerability by the same precautions you and your + operating system were already taking to prevent untrusted people + from accessing your SSH agent.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html</url>; + <cvename>CVE-2017-6542</cvename> + </references> + <dates> + <discovery>2017-01-29</discovery> + <entry>2017-03-16</entry> + </dates> + </vuln> + <vuln vid="4ffb633c-0a3b-11e7-a9f2-0011d823eebd"> <topic>Flash Player -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703162300.v2GN08wF088258>